[debian-edu-commits] [Debian Wiki] Update of "DebianEdu/Documentation/Bullseye/Upgrades" by WolfgangSchweer

Debian Wiki wiki at debian.org
Mon Jan 18 20:48:11 GMT 2021


Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Debian Wiki" for change notification.

The "DebianEdu/Documentation/Bullseye/Upgrades" page has been changed by WolfgangSchweer:
https://wiki.debian.org/DebianEdu/Documentation/Bullseye/Upgrades?action=diff&rev1=4&rev2=5

Comment:
upgrading a combined server is quite a challenge...

  
  == Upgrades from Debian Edu Buster ==
  
- /!\ Be prepared: make sure you have tested the upgrade from Buster in a test environment or have backups ready to be able to go back. 
+ /!\ Be prepared: make sure you have tested the upgrade from Buster in a test environment or have backups ready to be able to go back.
  
  Please note that the following recipe applies to a default Debian Edu main server installation (desktop=xfce, profiles Main Server, Workstation, LTSP Server). (For a general overview concerning Buster to Bullseye upgrade, see:
  https://www.debian.org/releases/bullseye/releasenotes)
@@ -45, +45 @@

  apt clean
  }}}
  
-  * Make sure you have enough disk space. On both ''/usr'' and ''/var'' about 5 GiB free space will be needed temporarily. See the related [[DebianEdu/Documentation/Bullseye/HowTo/Administration|manual chapter]] for more information. 
+  * To avoid a possible squid file permission pitfall, run
+ {{{
+ rm -f /etc/squid/conf.d/debian-edu.conf
+ }}}
  
-  * Prepare and start the upgrade to Bullseye:
+  * Prepare and start the upgrade to Bullseye (new security entry): 
  {{{
  sed -i 's/buster/bullseye/g' /etc/apt/sources.list
+ sed -i 's#/debian-security bullseye/updates# bullseye-security#g' /etc/apt/sources.list
  export LC_ALL=C        # optional (to get English output)
  apt update
  apt full-upgrade
- }}}	
- 
-  * apt-list-changes: be prepared for a lot of NEWS to read; press <return> to scroll down, <q> to leave the pager. All information will be mailed to root so that you can read it again (using ''mailx'' or ''mutt''). 
- 
-  * Read all debconf information carefully, choose 'keep your currently-installed version' unless stated differently below; in most cases hitting return will be fine.
-   * restart services: Choose yes. 
- 
-  * Apply and adjust configuration: 
- {{{
- cf-agent -I -D installation
  }}}
  
-  * Get the new Debian Edu Bullseye artwork:
+  * apt-list-changes: be prepared for a lot of NEWS to read; press <return> to scroll down, <q> to leave the pager. All information will be mailed to root so that you can read it again (using ''mailx'' or ''mutt'').
+ 
+  * Read all debconf information carefully, choose 'keep the local version currently installed' unless stated differently below; in most cases hitting return will be fine.
+   * restart services: Choose yes.
+   * base-passwd: Choose yes.
+   * Samba server and utilities: Choose 'keep the local version currently installed'.
+   * Kerberos servers: Enter 'kerberos' and hit 'OK'.
+   * /etc/default/slapd: Choose N.
+   * openssh-server: Choose 'keep the local version currently installed'.
+   * /etc/cups/cups-files.conf: Choose N.
+   * /etc/munin/munin.conf: Choose N.
+  
+  * Cleanup from no longer needed packages to don't break exiting Xfce setup:
  {{{
- apt install debian-edu-artwork-bullseye
+ apt autoremove --purge
- }}}	
+ }}}
+ 
+  * Apply and adjust configuration:
+ {{{
+ cf-agent -v -D di,installation
+ }}}
   
-  * After reboot, do some more cleanup:
+  * Setup and configure the Icinga2 web interface:
+   * Run {{{apt install icinga2-ido-mysql}}}, always choose '''No''' if asked by debconf.
+   * Ignore an error message about the ''icingadb'' existence.
+   * Run {{{/usr/share/tools/edu-icinga-setup}}}
+ 
+  * Get the new Debian Edu Homeworld artwork:
  {{{
+ apt install debian-edu-artwork-homeworld
+ apt purge debian-edu-artwork-buster      # unless Buster artwork should be kept as an alternative
- apt purge linux-image-4.19.0-*
- apt purge linux-headers-4.19.0-*
- apt --purge autoremove
  }}}
+ 
+  * Cope with new LTSP and related changes, run:
+ {{{
+ rm -f /etc/default/tftpd-hpa        # to remove no longer needed modifications
+ rm -rf /var/lib/tftpboot            # to remove no longer used tftp base directory
+ dpkg-reconfigure -p low tftpd-hpa   # first prompt: keep ''tftp' as system account, second: change TFTP root directory to ''/srv/tftp''
+                                     # third: keep address and port, last one: enter ''--secure'' as additional option 
+ service tftpd-hpa restart
+ rm -rf /opt/ltsp                    # cleanup old LTSP base directory
+ # The next steps will need quite some execution time.
+ debian-edu-ltsp-install --arch amd64 --diskless_workstation no thin_type bare   # if 64-Bit thin client support is wanted
+ debian-edu-ltsp-install --arch i386 --diskless_workstation no thin_type bare    # if 32-Bit thin client support is wanted
+ debian-edu-ltsp-install --diskless_workstation yes   # to create diskless workstation image from the server's file system
+ debian-edu-pxeinstall                                # to add PXE installation files add related iPXE menu items 
+ }}}
+ 
+  * Cope with move to iPXE - modify DHCP settings in LDAP, e.g. using an editor like ldapvi. Make sure, DHCP related entries match those contained in the ''/etc/ldap/gosa-server.ldif'' file. Entries concerned are:
+   * 60 cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
+   * 81 cn=intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
+   * 83 cn=subnet00.intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
+   * 85 cn=subnet01.intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
+   
+  * Cope with GOsa changes - use new gosa.conf, fix LDAP access:
+   * cp /etc/gosa/gosa.conf /etc/gosa/gosa.conf.buster # backup
+   * cp /usr/share/debian-edu-config/gosa.conf.template /etc/gosa/gosa.conf # new gosa.conf file
+   * Search for adminPassword and snapshotAdminPassword in /etc/gosa/gosa.conf and replace $GOSAPWD with the random password found in /etc/gosa/gosa.conf.orig for those entries.
+   * rm /etc/gosa/gosa.secrets
+   * Run {{{gosa-encrypt-passwords}}}
+   * Run {{{service apache2 restart}}}
+ 
+  * Cope with Kerberos encryption type changes:
+   * cp /etc/krb5kdc/kdc.conf_non-edu /etc/krb5kdc/kdc.conf
+   * sed -i 's/#supported_enctypes/supported_enctypes/' /etc/krb5kdc/kdc.conf
+   * Run {{{service krb5-admin-kdc restart}}}
+  
+  * Cope with Samba changes:
+   * Add first user's Samba account: {{{smbpasswd -a <first username>}}}. Once users change their password, the related Samba account will be created.
  
   * Check if the upgraded system works:
  
  Reboot; log in as first user and test
- 
   * if the GOsa² gui is working,
   * if one is able to connect LTSP clients and workstations,
   * if one can add/remove a netgroup membership of a system,
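Review bot: In the LTSP block, both thin-client lines pass "thin_type bare" without the leading "--" that the other options on the same lines carry ("--arch", "--diskless_workstation"), so as written "thin_type" and "bare" reach debian-edu-ltsp-install as positional words; if an option is meant, write "--thin_type bare". In the GOsa steps the backup is created as /etc/gosa/gosa.conf.buster, but the following step tells the admin to take the random password from /etc/gosa/gosa.conf.orig; name the file that actually holds it, since the template copy has just overwritten gosa.conf. The added security sed only rewrites a line containing exactly "/debian-security bullseye/updates" and silently leaves any other form of the entry on bullseye/updates, so a step that greps sources.list for bullseye-security before "apt update" would catch a server left without a working security entry. The added comments after dpkg-reconfigure use wiki quote markup inside the {{{ }}} block (and ''tftp' is unbalanced), where it will be shown literally.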
@@ -91, +142 @@

  === Upgrading a workstation ===
  
  Do all the basic things like on the main-server and without doing the things not needed.
+ If not yet done, configure the machine to use Kerberos for mounting home directories, see the [[DebianEdu/Documentation/Bullseye/GettingStarted|getting started]] chapter for details. 
  
  == Upgrades from older Debian Edu / Skolelinux installations (before Buster) ==
  


